Cisco Unified Communications Disaster Recovery Framework Vulnerability

The Disaster Recovery Framework is able to receive and execute commands without authentication. This can allow an attacker to cause denial of service conditions, obtain sensitive configuration information, overwrite configuration parameters, or execute DRF-related commands, including arbitrary system commands with full administrative privileges.

For further details and mitigation suggestions please see the original advisory at:http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml

Leave a Reply